This is an automated email from the ASF dual-hosted git repository.
lidavidm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow.git
The following commit(s) were added to refs/heads/main by this push:
new b862b164a6 GH-39299: [Java] Upgrade to Avro 1.11.3 (#39300)
b862b164a6 is described below
commit b862b164a644a92f8a802954fcad179bf28e020e
Author: JB Onofré <[email protected]>
AuthorDate: Tue Dec 19 17:41:28 2023 +0100
GH-39299: [Java] Upgrade to Avro 1.11.3 (#39300)
### Rationale for this change
Upgrade to Avro 1.11.3 to fix CVE-2023-39410
### What changes are included in this PR?
Upgrade to Avro 1.11.3
### Are these changes tested?
Run local tests especially on Avro adapter
### Are there any user-facing changes?
Not directly
* Closes: #39299
Authored-by: JB Onofré <[email protected]>
Signed-off-by: David Li <[email protected]>
---
java/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/pom.xml b/java/pom.xml
index f6dcfadb81..75e0946f10 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -39,7 +39,7 @@
<dep.jackson-bom.version>2.16.0</dep.jackson-bom.version>
<dep.hadoop.version>2.7.1</dep.hadoop.version>
<dep.fbs.version>23.5.26</dep.fbs.version>
- <dep.avro.version>1.10.0</dep.avro.version>
+ <dep.avro.version>1.11.3</dep.avro.version>
<arrow.vector.classifier />
<forkCount>2</forkCount>
<checkstyle.failOnViolation>true</checkstyle.failOnViolation>
